[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    MacOS 9.2, Internet Explorer, Local Vulnerability
From:       Neeko Oni <neeko () haackey ! com>
Date:       2001-10-31 17:48:05
[Download RAW message or body]

Vulnerability:
	Access controls can be evaded on MacOS9.2 using Internet Explorer,
	allowing users to execute programs they otherwise would not be
	able to run.

Details:
	While in the college media lab I attempted to run MacSSH to get
	onto my home desktop, I received an error message telling me I
	did not have access to run said program.  By launching Internet
	Explorer 5 Macintosh Edition, and creating a 'ssh' helper application
	(with MacSSH as the helper application), I was able to execute MacSSH
	without problem. I was logged in under a general student account 
	(not Admin).  This has been tested with applications other than MacSSH.

Tested System:  MacOS9.2.1 on an iMac with Internet Explorer.

	If this is a known vulnerability, I apologize for the wasted bandwidth.
	It's dead simple, but could be used maliciously, quite obviously.

.Neeko Oni. [10.31.01]  Happy Halloween. 
 (neekooni@yahoo.com)

[prev in list] [next in list] [prev in thread] [next in thread]